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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 
In Re Application of: Date: December 8, 2000 

Collberg, et al. 

Serial No.: Unassigned Group Art Unit: Unassigned 

Filed: Herewith Examiner: Unassigned 

For: SOFTWARE WATERMARKING TECHNIQUES 

Honorable Commissioner of Patents and Trademarks 
Washington, D.C 20231 



PRELIMINARY AMENDMENT 

Sir: 

Please amend the above-identified application in the following manner: 
IN THE CLAIMS: 

1. (Amended) A method of watermarking a software object comprising the steps of: 
(a) providing an input sequence; and 

(b) storing Twherebvl a watermark [is stored] in the state of the software object as [it] 
the software object is being run with [a particular] the input sequence. 

2. (Amended) [A] The method as claimed in claim 1 wherein the software object [may 
be] is a program or apiece of aprogram. 

I hereby certify that this correspondence is being deposited with the United States Postal Service "Express 
Mail Post Office to Addressee" service under 37 CFR 1.10, and is addressed to the Commission of Patents and 
Trademarks, Box Patent Applications, Washington, D.C. 2023 1, on December 8, 2000. Express Mail Label No. 
EL547856412US. Signature of Person mailing paper/fee: 
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3. (Amended) [A] The method as claimed in [any one of] claim[s] 1 [or 2] wherein the 
state of the software object [may] corresponds to the current values held in [the]a stack, aheap, 
and global variables [, registers, program counter and the like,] of the software object . 

4. (Amended) [A] The method [as claimed in any preceding] of claim 1 or 2 or 3 
wherein the watermark is stored in an [object's] execution state of the software object whereby 
[an]the input sequence [7] is constructed which, when fed to an application of which the software 
object is a part, will make the software object [O] enter a second state which [represents]is a 
representation of the watermark, the representation being validated or checked by examining the 
stack, heap, global variables, registers, program counter and the like, of the software object [O]. 

5. (Amended) [A] The method [as claimed in any one] of claimfs] 1 or 2 wherein the 
watermark is embedded in [the] an execution trace of the software object [O] whereby, as a 
special input [7] is fed to rO] the software object [the] an address/operator trace is monitored and, 
based on a property of the trace, [a]the watermark is extracted. 

6. (Amended) [A] The method [as claimed in any one] of claimfs] 1 [to 4] or 2 or 3 
wherein the watermark is embedded in [the] a topology of a dynamically built graph structure. 

7. (Amended) [A] The method [as claimed in] of claim 6 wherein the dynamically built 
graph structure [(or watermark graph)] corresponds to a representation of [the]a data structure of 
the program and may be viewed as a set of nodes together with a set of vertices. 
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8. (Amended) [A] The method [as claimed in any preceding] of claim 1, or 2 or 3 further 
comprising the step of: 

(c) b uilding a recognizer [R] concurrently with the input [7] sequence and the 

watermark [W], 

9. (Amended) [A] Thg method [as claimed in] of claim 8 wherein \R] the recognizer is a 
function adapted to identify and extract the watermark [graph] from all other dynamic structures 
on [the] a heap or stack. 

10. (Amended) [A] The method [as claimed in either] of claim 8 [or 9] wherein the 
watermark [W] incorporates a marker that will allow [R] the recognizer to recognize it easily. 

11. (Amended) [A] The method [as claimed in any one] of claim[s] 8 [to 10] wherein 
[R] the recognizer is retained separately from the program and whereby [R] the recognizer 
inspects the state of the program. 

12. (Amended) [A] The method [as claimed in any one] of claim[s] 8 [to 1 1] wherein 
[R] the recognizer is dynamically linked with the program when it is checked for the existence of 
a watermark. 

1 3 . (Amended) [A] The method [as claimed in any preceding] of claim 1, or 2, or 3 
wherein [the application of which] the software object [forms a] is_ part of an application that is 
obfuscated or incorporates tamper-proofing code. 
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14. (Amended) [A] The method [as claimed in any one] of claimfs] 8 [to 12] wherein 
[R] the recognizer checks [W] the watermark for a signature property [s(W)\ 



15. (Amended) [A] The method [as claimed in] of claim 14 wherein the signature 
property [s(W)] is evaluated by testing for a specific result from a hard computational problem. 

16. (Amended) [A] The method [as claimed in either] of claim 14 [or claim 15] 
including the step of: 

(d) Tthe creation of] creating a number having at least one numeric property ^] which 

[may be] is embedded in the topology of [W] the watermark , whereby the signature property 
[may be] is evaluated by testing [one or more] the at least one numeric property rproperties of n\. 

17. (Amended) [A] The method [as claimed in] of claim 16 wherein the signature 
property is evaluated by testing whether [n] the number is [the] a product of two primes. 

18. (Amended) A method of verifying the integrity or origin of a program including the 
steps of : 

(a) watermarking the program with a watermark [W] 9 wherein the watermark [W] is 

stored in the state of a program as the program is being run with an [particular] input sequence[ 

(b) building a recognizer [R] concurrently with the input [7] sequence and watermark 

W wherein the recognizer is adapted to extract the watermark [graph] from other dynamically 
allocated data wherein [R] the recognizer is kept separately from the program; wherein [i?]the 



recognizer is adapted to check for a number[ «]. 
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19. (Amended) [A] The method [of verifying the integrity of origin of a program as 
claimed in] of claim 18, wherein the number \ri\ is the product of two primes and wherein [n] the 
number is embedded in [the] a topology of[W] the watermark . 

20. (Amended) [A] The method [as claimed in either] of claim 18 or claim 19 wherein 
the number [n] is derived from a[ny] combination of numbers depending on [the] a context and 
an applicatio n for the watermark . 

21. (Amended) [A] The method [as claimed in any one] of claim[s] 18 or 19 [to 20] 
wherein the program [or code] is further adapted to be resistant to tampering, the resistance to 
tampering capable of being fpreferablv ]by means of obfiiscation or by adding tamper-proofing 
code. 

22. (Amended) [A] The method [as claimed in any one] of claim[s] 18 or 19 [to 21] 
wherein the recognizer [R] checks for the effect of the watermarking code] on [the] an execution 
state of the [application] program, thereby preserving [the] an ability to recognize the watermark 
[in cases] where semantics-preserving transformations have been applied to the 
[application] program . 

23. (Amended) A method of watermarking software including the steps of: 
(a) embedding a watermark in a static string; and 
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(b) applying an obfuscation technique whereby [this]the static string is converted into 
executable code. 

24. (Amended) A method of watermarking software comprising the steps of: 

(a) [wherein the] choosing a watermark [Wis chosen] from a class of graphs 

^ having a plurality of members, [wherein] each member of [G] the class of graphs has [one or 
more properties, such as planarity] at least one property , [said] the at least one p roperty being 
capable of being tested by integrity-testing software ; and 

(b) applying the watermark to the software . 

25. (Amended) [A] The method of [watermarking software as claimed in] claim 24 
wherein the watermark is rendered tamperproof to certain transformations by subjecting the 
watermark graph to one or more local transformations. 

26. (Amended) [A] The method of [watermarking software as claimed in] claim 25 
wherein the watermark is a watermark graph including at least one node and wherein each of the 
at least one node of the watermark graph is expanded into a cycle. 

27. (Amended) A method of fingerprinting software comprising the steps of: 

(a) providing [wherein] a plurality of watermarked programs., [obtained as claimed in 

any preceding claim are produced] the plurality of watermarked programs being obtained by 
providing an input sequence for each program of the plurality of programs and storing a 
watermark in a state of a software object for the program as the software object is being run with 
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the input sequence , 

28. (Amended) [A]The method of fingerprinting software as claimed in claim 27 wherein 
the plurality of watermarked programs each of which has a number [n] with a common prime 
factor \p]. 

Please cancel claim 29. 

30. (Amended) [Software written to perform the method as claimed in any preceding 
claiml A computer readable medium including a program for watermarking a software object, the 
program including instructions for: 

(a) providing an input sequence; and 

(b) storing a watermark in the state of the software object as the software object is being run 

with the input sequence . 

3 1 . (Amended) A computer [programmed to perform the method as claimed in any one 
of claims 1 to 271 comprising: 

a software object; 

an input sequence; and 

a watermark stored in the state of the software object as the software object is being run with the 

input sequence . 
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Please add the following claims; 

32. A method of fingerprinting software comprising the steps of: 

(a) providing a plurality of watermarked programs, the plurality of watermarked 
programs being obtained by watermarking each program of the plurality of programs with a 
watermark, wherein the watermark is stored in the state of a program as the program is being run 
with an input sequence and building a recognizer concurrently with the input sequence and 
watermark W wherein the recognizer is adapted to extract the watermark from other dynamically 
allocated data wherein the recognizer is kept separately from the program; wherein the 
recognizer is adapted to check for a number. 

33. A method of fingerprinting software comprising the steps of: 

(a) providing a plurality of watermarked programs, the plurality of watermarked programs 
being obtained by watermarking each program of the plurality of programs with a watermark, the 
watermark being obtained by embedding a watermark in a static string and applying an obfuscation 
technique whereby the static string is converted into executable code. 

34. A method of fingerprinting software comprising the steps of: 

(a) providing a plurality of watermarked programs, the plurality of watermarked programs 
being obtained by watermarking each program of the plurality of programs with a watermark, the 
watermark being obtained by choosing a watermark from a class of graphs having a plurality of 
members, each member of the class of graphs has at least one property, the at least one property 
being capable of being tested by integrity-testing software and applying the watermark to the 
software. 
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35. A computer-readable medium including a program for verifying the integrity or 
origin of a program, the program including instructions for: 

(a) watermarking the program with a watermark, wherein the watermark is stored in 
the state of a program as the program is being run with an input sequence; 

(b) building a recognizer concurrently with the input sequence and watermark 
wherein the recognizer is adapted to extract the watermark from other dynamically allocated data 
wherein the recognizer is kept separately from the program; wherein the recognizer is adapted to 
check for a number. 

36. A computer-readable medium including a program for watermarking software, the 
program including instructions for: 

(a) embedding a watermark in a static string; and 

(b) applying an obfiiscation technique whereby the static string is converted into 
executable code. 

37. A computer-readable medium including a program for watermarking software, the 
program including instructions for: 

(a) choosing a watermark from a class of graphs having a plurality of members, each 
member of the class of graphs has at least one property, the at least one property being capable of 
being tested by integrity-testing software; and 

(b) applying the watermark to the software. 



38. A computer capable of verifying the integrity or origin of a program, the computer 
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comprising: 

an input sequence; 

a watermark for watermarking the program, wherein the watermark is stored in the state 
of a program as the program is being run with the input sequence; 

a recognizer built concurrently with the input sequence and watermark wherein the 
recognizer is adapted to extract the watermark from other dynamically allocated data wherein the 
recognizer is kept separately from the program; wherein the recognizer is adapted to check for a 
number. 

39. A computer for watermarking software comprising: 
a static string; 

a watermark embedded in the static string; and 

an obfuscation technique for converting the static string into executable code. 

40. A computer comprising: 

a watermark from a class of graphs having a plurality of members, each member of the 
class of graphs has at least one property, the at least one property being capable of being tested 
by integrity-testing software; and 

software to which the watermark is applied. 
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09/719399 



ABSTRACT 

A method and system for watermarking software is disclosed. In one aspect, the method and 
system include providing an input sequence and storing a watermark in the state of a software object as 
the software object is being run with the input sequence. In another aspect, the method and system verify 
the integrity or origin of a program by watermarking the program. The watermark is stored as described 
above. In this aspect, the method and system also include building a recognizer concurrently with the 
input sequence and the watermark. The recognizer can extract the watermark from other dynamically 
allocated data and is kept separately from the program. The recognizer is adapted to check for a number. 
In another aspect, the software is watermarked by embedding a watermark in a static string and 
applying an obfuscation technique to convert the static string into executable code. In another 
aspect, the watermark is chosen from a class of graphs having a plurality of members and applied 
to the software. Each member of the class of graphs has at least one property that is capable of 
being tested by integrity-testing software. 



Attorney Docket: 1968NP/CC503326-003 



REMARKS 



This Amendment is made to more particularly claim the present invention. Claims 1 -3 1 
are pending in the international application, Serial No. PCT7NZ99/00081 . In the present national 
phase application, Applicant has amended claims 1-28 and 30-31, and has canceled claim 29. 
Applicant has also added claims 32-40. Consequently, claims 1-28 and 30-40 remain pending in 
the present application entered herewith into the national phase under 37 USC 3.71 . 

Applicant's attorney believes that this application is in condition for allowance. Should 
any unresolved issues remain, Examiner is invited to call Applicant's attorney at the telephone 
number indicated below. 



Respectfully submitted, 




Joseph A! Sawyer, Jr. 
Sawyer Law Group LLP 
Attorney for Applicant 
(650) 493-4540 
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SOFTWARE WATERMARKING TECH NIQUES 
FIELD OF THE INVENTION 

The present invention relates to methods for protecting software against theft, 
5 establishing/proving ownership of software and validating software. More particularly, 
although not exclusively, the present invention provides for methods for 
watermarking what will be generically referred to as software objects. In this context, 
software objects may be understood to include programs and certain types of media. 

10 BACKGROUND TO THE INVENTION 

Watermarking is the process of embedding a secret message, the watermark, into a 
cover or overt message. For example, in media watermarking, the secret is 
commonly a copyright notice and the cover is a digital image, video or audio 
recording. Fingerprinting is a method whereby each individual software application 

15 incorporates a, potentially, unique, watermark which allows that particular example of 
the software to be identified. Fingerprinting may be viewed as a multiple use of 
watermarking techniques. 

The watermark is constructed to make it difficult to remove the watermark without 
20 damaging the software object in which it is embedded. Such watermarks may only 
be removed safely by someone (or some process) in possession of one or more 
secrets that were employed while constructing the watermark. 

Watermarking a software object (hereafter referred to as an object) discourages 
25 intellectual property theft. A further application is that watermarking an object can be 
used to establish and/or prove evidence of ownership of an object. Fingerprinting is 
similar to watermarking except a different watermark is embedded in every cover 
message thus providing a unique fingerprint for every object Watermarking is 
therefore a subset of fingerprinting and the latter may be used to detect not only the 
30 fact that a theft has occurred, but may also allow identification of the particular object 
and thus establish an audit trail which can be used to reveal the infringer of 
copyright. 



In the context of prior art watermark techniques, the following scenario serves to 
35 illustrate the ways in which a watermarked object may be vulnerable to attack. With 
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reference to figure 1, suppose that A watermarks an object O with a watermark W 
and key K. If the object O is sold to B and B wishes to (illegally) on-sell O to C, there 
are various types of attack to which O may be vulnerable. 

Detection: initially B must try and detect the presence of the watermark in O. If there 
is no watermark, no further action is necessary. 

Locate and remove: once B has determined that O carries a watermark, B may try to 
locate and remove W without otherwise harming the rest of the contents of O. 

Distort: if some degradation in quality of O is acceptable, B may distort it sufficiently 
so that it becomes impossible for A to detect the presence of the watermark W in the 
object O. 

Add: alternatively, if removing the watermark Wis too difficult, or distorting the object 
O is not acceptable, B might simply add his own watermark W (or several such 
marks) to the object O. This way, A's mark becomes just one of many. 

It is considered that most media watermarking schemes are vulnerabfe to attack by 
distortion. For example, image transforms such as cropping and lossy compression 
will distort the image sufficiently to render many watermarks unrecoverable. 

To the knowledge of the applicants there exists no effective watermarking scheme 
which is capable of use with or appropriate for software. It would be a significant 
advantage to be able to apply watermarking techniques to software in view of the 
widespread occurrence of software piracy. It is estimated at software piracy costs 
approximately 15 billion dollars per year. Thus the problem of software security and 
protection is of significant commercial importance. 

One simple way, known in the prior art, of embedding a watermark in a piece of 
software is simply to include it in the initialized static data section of the object code. 
In a similar, yet more complex manner, watermarks are often encoded in what is 
known as an "Easter egg". This is a piece of code, which is activated for a highly 
unusual or seldom encountered input to the particular application, which displays a 
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watermark image, piays a watermark sound, or, in some way, alerts the user that the 
watermark code has been activated. 



Thus, it is an object of the present invention to provide methods for watermarking 
5 software objects which overcomes the limitations inherent in prior art watermarking 
techniques and allows for non-media objects to be watermarked effectively. It is a 
further object of the present invention to provide methods for watermarking software 
objects which are resistant to the aforementioned techniques for attacking watermark 
objects or to at least provide the public with a useful choice. 

10 

DISCLOSURE OF THE INVENTION 

In one aspect, the invention provides for a method of watermarking a software 
object whereby a watermark is stored in the state of the software object as it is being 
run with a particular input sequence. 

15 

The software object may be a program or piece of program. 

The state of the software object may correspond to the current values held in the 
stack, heap, global variables, registers, program counter and the like. 

20 

In a preferred embodiment, the watermark may be stored in an object's execution 
state whereby a {possibly empty) input sequence / is constructed which, when fed to 
an application of which the object is a part, will make the object O enter a state which 
represents the watermark, the representation being validated or checked by 
25 examining the dynamically allocated data structures of the object O. 

In an alternative embodiment, the watermark could be embedded in the execution 
trace of the object O whereby, as a special input / is fed to O, the address/operator 
trace is monitored and, based on a property of the trace, a watermark is extracted. 

30 

In a preferred embodiment, the watermark is embedded in the state of the program 
as it is being run with a particular input sequence /-/,... I k 

The watermark may be embedded in the topology of a dynamically built graph 
35 structure. 
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The graph structure (or watermark graph) corresponds to a representation of the 
data structure of the program and may be viewed as a set of nodes together with a 
set of vertices. 

5 

The method may further comprise building a recognizer R concurrently with the 
input / and watermark W. 

Preferably R is a function adapted to identify and extract the watermark graph from 
io all other dynamically allocated data structures. 

In an alternative, less preferred embodiment, the watermark W may incorporate a 
marker that will allow R to recognize it easily. 

15 In a preferred embodiment, R is retained separately from the program whereby R is 
dynamically linked with the program when it is checked for the existence of a 
watermark. 

Preferably the application of which the object forms a part is obfuscated or 
20 incorporates tamper-proofing code. 

In a preferred embodiment, R extracts a value n from the topology of the graph 
comprising the watermark W. 

25 The watermark W has a signature property s where s(W) evaluates to "true" if the 
watermark W is recognisable wherein the recogniser R tests a presumed watermark 
W by evaluating the signature property s(W), 

30 In a preferred embodiment, the method includes the creation of a number n which 
may be embedded in the topology of a watermark graph, wherein the signature 
property s(W) is a function of a number n so embedded. 

In a preferred embodiment, the signature property s(W) is "true" if and only if the 
35 number n is the product of two primes. 
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The invention further provides for a method of verifying the integrity or origin of a 
program including: 

watermarking the program with a watermark W in the state of a program as the 
program is being run with a particular input sequence /; 

building a recognizer R concurrently with the input / and watermark W wherein the 
recognizer is adapted to extract the watermark graph from other dynamically 
allocated data structures wherein R is kept separately from the program; wherein R 
is adapted to check for a number n, n, in a preferred embodiment, being the product 
of two primes and wherein n is embedded in the topology of W. 

Preferably, the signature property may be evaluated by testing for a specific result 
from a hard computational problem. 

The number n may be derived from any combination of numbers depending on the 
context and application. 

Preferably the program or code is further adapted to be resistant to tampering, 
preferably by means of obfuscation or by adding tamper-proofing code. 

Preferably the watermarks W are chosen from a class of graphs G wherein each 
member of G has one or more properties, such as planarity, said property being 
capable of being tested by integrity-testing software. 

in an alternative embodiment, the watermark may be rendered tamperproof to 
certain transformations, such as attacks, by expanding each node of the watermark 
graph into a /-cycle, where j may be any number from 1 to 5. 

In a broad aspect, the recognizer R checks for the effect of the watermarking code 
on the execution state of the application thereby preserving the ability to recognize 
the watermark in cases where semantics-preserving transformations have been 
applied to the application. 

In a further aspect, the invention provides for a method of watermarking software 
including the steps of: 

03125722 
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embedding a watermark in a static string, then applying an obfuscation 
technique whereby this static string is converted into executable code. 

The executable code is called whenever the static string is required by the program. 
BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will now be described by way of example only and with 
reference to the figures in which: 

Figure 1 : illustrates methods of adding a watermark to an object and attacking 
the integrity of such a watermark; 

Figure 2: illustrates methods of embedding a watermark in a program; 

Figure 3: illustrates an example of a function used to embed a watermark within 



a static string; 



Figure 4: 



illustrates insertion of a bogus predicate into a program; 



Figure 5: 



illustrates splitting variables; 



Figure 6; 



illustrates merging variables; 



Figure 7: 



illustrates the conversion of a code section into a different virtual 
machine code; 



Figure 8; 



illustrates an example of a method of the watermarking scheme 
according to the present invention; 



Figure 9: 



illustrates a possible encoding method for embedding a number in the 
topology of a graph; 
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Figure 10: illustrates another possible embodiment for embedding a number in 
the topology of a graph; 

Figure 1 1 ; illustrates a marker in a graph; 

Figure 12: illustrates examples of obfuscating transformations; 

Figure 1 3: illustrates examples of tamperproofing Java code; 



10 Figure 14: illustrates enumeration encoding in a planted plane cubic tree on 2m = 
8 nodes; and 

Figure 15: illustrates tamperproofing against node-splitting. 

15 Referring to Figure 1(b) a way is shown by which Bob can circumvent a 
watermarking scheme by distorting the protected object. If the distortion is at "just 
the right level", O will still be usable by Bob, but Charles will be unable to extract the 
watermark. In Figure 1(9), the distortion is so severe that O is no longer functional, 
so Bob will not be able to use it, nor is he able to on-sell it. 

20 

In the present context, tamperproofing is applied in order to prevent an adversary 
from removing the watermark and to provide assurance to the software end-user that 
the software object hasn't been tampered with. Thus the Integrity' of the program 
may be verified. The primary aim of the present invention is to allow accurate 
25 assertion of ownership of a software object with a secondary purpose being to 
ensure the integrity of the object. 
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It has been shown that there are transformations, called obfuscating transformations, 
that will destroy almost any kind of program structure while preserving the semantics 
(operational behaviour) of the program. Other semantics preserving transformations, 
such as optimising transformations known from the prior art can be used to similar 
5 effect. As a consequence, any software watermarking technique must be evaluated 
with respect to its resilience to attack from automatic application of semantics 
preserving transformations, such as obfuscation. The following discussion will survey 
obfuscating transformations that can be used to destroy software watermarks. 

10 In Figure 2a a watermark is embedded within a static string. There are several ways 
of rendering watermarks unrecogisabie, the most effective perhaps by converting 
static strings into a program that produces the data. As an example, consider the 
function G in Figure 3. This function was constructed to obfuscate the strings "AAA", 
"BAAAA", and "CCB". The values produced by G are G(1)= M AAA'\ G(2)="BAAAA ,, f 

15 G(3)=G(5)="CCB'\ and G(4)= ,, XCB". 



In Figure 2b Alice embeds a watermark within the program code itself. There are 
numerous ways to attack such code. Figure 4, for example, shows how it is possible 
to insert bogus predicates into a program. These predicates are called opaque since 
20 their outcome is known at obfuscation time, but difficult to deduce otherwise. Highly 
resilient opaque predicates can be constructed using hard static analysis problems 
such as aliasing. 

In Figure 2c a watermark is embedded within the state (global, heap, and stack data, 
25 etc.) of the program as it is being run with a particular input /. Different obfuscation 
techniques can be employed to destroy this state, depending on the type of the data. 
For example, one variable can be split into several variables (Figure 5) or several 
variables can be merged into one (Figure 6). 

30 In Figure 2d a watermark is embedded within the trace (either instructions or 
addresses, or both) of the program as it is being run with a special input sequence / 
- /* I* ... /*. In an alternative embodiment, a watermark may be embedded within a 
series of execution traces, said series of traces being generated as the program is 
run on a special input. This special input is comprised of a series of one or more 

35 input sequences, where each input sequence is generated by a specific process 
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which may incorporate a random or pseudorandom number generator. Execution 
traces have many properties that may be observed by a watermark recogniser R. 
One example of such a property is "if the program passes point P1 in O, then there's 
a 32% chance that it will also pass point PT. Another example of such a property is 
5 the frequency at which some specific basic operation, such as addition, is performed. 
A specific collection of {one or more) such execution-trace properties is the 
watermark W. The signature property s(W) for this W is that all the property values 
are within some predefined tolerance. For example, we might require that our 
sample property P1-P2 have a value between 30% and 34% on a randomly- 
10 generated series of 10000 inputs (note that we would not expect to observe an 
"exact match" to our 32% estimated mean-value for this property P1-P2, because 
each randomly-generated series of inputs would give us a somewhat different 
measurement for this property value). 

15 Many of the same transformations that can be used to obfuscate code will also 
obfuscate an instruction trace. Figure 7 shows another, more potent, transformation. 
The idea is to convert a section of code (Java bytecode in our case) into a different 
virtual machine code. The new code is then executed by a virtual machine interpreter 
included with the obfuscated application. The execution trace of the new virtual 

20 machine running the obfuscated program will be completely different from that of the 
original program. In Figure 2e, a watermark is embedded in an Easter Egg. Unless 
the code is obfuscated, Easter Eggs may be found by straightforward techniques 
such as decompilation and disassembly. 

25 In this section, techniques for embedding software watermarks in dynamic data 
structures are discussed. The inventors view these techniques as the most 
promising for withstanding de-watermarking attacks by obfuscation. 

The basic structure of the proposed watermarking technique is outlined in Figure 8, 
30 The method is as follows: 

1. The watermark Wis embedded, not in the static structure of the program, its 
code (Unix text segment), its static data (Unix initialised data segment), or its 
type information (Unix symbol segment or Java's Constant Pool), but rather in 
35 the state of the program as it is being run with a particular input sequence / 
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(of length k) whose elements are / = l 1f l 2 ... I k . Of course k may be 0, in which 
case there is no input and the input sequence is empty. 



2. More specifically, the watermark is embedded in the topology of a 
dynamically built graph structure. It is believed that obfuscating the topology 
of a graph is fundamentally more difficult than obfuscating other types of 
data. Moreover, it is anticipated that tamperproofing such a structure should 
be easier than tamperproofing code or static data. This is particularly true of 
languages like Java, where a program has no direct access to its own code. 

3. A Recogniser R is built along with the input / and watermark W. R is a 
function that is able to identify and extract the watermark graph from among 
all other dynamic allocated data structures. Since, in general, sub-graph 
isomorphism is a difficult problem, it is possible that W will have some special 
marker that will allow R to recognise W easily. Alternatively, W may be 
formed immediately after input i k is processed, i.e. markers may not be 
necessary. Markers are considered ( unstealthy J for the following reason. If a 
marker is easily recognisable by a recogniser, an adversary might discover it 
- perhaps by way of a collusive attack on a collection of fingerprinted objects. 
The use of markers can be avoided by exploiting the recogniser's knowledge 
of the secret input sequence in the following way: the watermark will be 
completed immediately after the k m input (l k ) of this sequence is presented to 
the program. The recogniser knows the value of "k" and therefore is able to 
look for the watermark graph effectively, by examining the nodes that were 
allocated or modified during the processing of In contrast, the adversary 
would be unaware of the length of this sequence and would therefore have to 
"guess 1 a value of a k n as well as the values (1^ 1 2 ... I k ) in the input sequence I, 
before looking for the watermark. 



30 4. An important aspect of the proposed technique is that R is not distributed 
along with the rest of the program. If it were, a potential adversary could 
identify and decompile it, and discover the relevant property of W. R is 
employed only when we check for the watermark. R may be an extension of 
the program comprised of self-monitoring code, or it may be an adjunct to a 

35 debugger or some other external means for examining the dynamic state of 
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the program. R may be linked in dynamically with the program when we 
check for the watermark. Other mechanisms are envisaged by which the 
recogniser R may observe the state of the object O. 

it is required that some signature property $(W) of W be highly resilient to 
tampering. This can be achieved, for example, by obfuscation or by adding 
tamperproofing code to the application. 

In Figure 8 it is assumed that the signature that R checks for is a number n, 
which has been embedded in the topology of W. n is the product of two large 
primes P and Q. To prove the legal origin of the program, we link in R 7 run 
the resulting program with / as input, and show that we can factor the number 
that R produces. Alternatively, s(W) can be based on hard computational 
problems other than factorisation of large integers. 
15 

The above issues will now be discussed in more detail. The first problem to be 
solved is how to embed a number in the topology of a graph. There are a number of 
ways of doing this, and, in fact, a watermarking tool should have a library of many 
such techniques to choose from. Figure 9 illustrates one possible encoding. The 

20 structure is basically a linked list with an extra pointer field which encodes a base-6 
digit. A null-pointer encodes a 0, a self-pointer a 0, a pointer to the next node 
encodes a 1, etc. A further example is shown in figure 14 whereby the watermark W 
is chosen from a class of graphs G wherein each member of G has one or more 
properties (in figure 14 - planarity) that may be tested by integrity-checking software. 

25 The integrity checking software may be incorporated into the program during the 
watermarking process. 

In the previous paragraph, it was shown how an integer n could be encoded in the 
topology of a graph. The encoding is resilient to tampering, as long as the 
30 recogniser R is able to correctly identify the nodes containing the two pointer fields in 
which we have encoded n. We now describe another encoding showing that a 
recogniser R can evaluate n if it can identify only a single pointer field per node. 

Using a single pointer per node, we can construct a watermark W in the form of a 
35 parent-pointer tree. The parent-pointer tree W is a representation of a graph G 
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known as an oriented tree enumerable by the techniques described in Knuth, Vol I 
3 rd Edition, Section 2.3,4.4. 

The number a m of oriented trees with m nodes is asymptotically a m = c(1/a) n ~ 1 /n 3/2 + 
5 0((1/a) n /n 5 *) for c ~ 0.44 and 1/a ~ 2.956. Thus we can encode an arbitrary 1000- 
bit integer n in a graphic watermark W with 1000/log 2 2.956 ~ 640 nodes. 

We construct an index n for any enumerable graph in the usual way, that is, by 
ordering the operations in the enumeration. For example, we might index the trees 

10 with m nodes in ^largest subtree first" order, in which case the path of length m-1 
would be assigned index 1. indices 2 through a m _ 1 would be assigned to the other 
trees in which there is a single subtree connected to the root node, indices a m „ ., +1 
through a m _ 1 + a^ would be assigned to the trees with exactly two subtrees 
connected to the root node, such that one of the subtrees has exactly m-2 nodes. 

is The next = a m „ 1 indices would be assigned to trees with exactly two subtrees 

connected to the root node, such that one of the subtrees has exactly m-3 nodes. 
See Figure 10 for an example. 

To aid the recognition of a watermark, the recogniser may use secret knowledge of a 
20 "signal" indicating that "the next thing that follows" is the real watermark. In a 
preferred embodiment, the secret is the input sequence /; the recogniser (but not the 
attacker) knows that the watermark will be constructed after the input sequence / = 
U> 4 - - Ik has been processed. In an alternative, but less preferred embodiment, the 
secret is an easily recognisable "marker that may be present in the watermark 
25 graph. This is similar to the signals used between baseball coaches and their 
players. See Figure 1 1 for an example. 

One advantageous consequence of the present approach is that semantics- 
preserving transformations, such as those employed in optimising compilers and 
30 those employed by obfuscation techniques which target code and static data will 
have no effect on the dynamic structures that are being built. There are, however, 
other techniques which can obfuscate dynamic data, and which we will need to 
tamperproof against. There are three types of obfuscating transformations which will 
need to be protected against: 

35 



WO 99/64973 PCT7NZ99/0008I 

13 

1 . An adversary can add extra pointers to the nodes of linked structures. This 
will make it hard for R to recognise the real graph within a lot of extra bogus 
pointer fields. 

5 2. An adversary can rename and reorder the fields in the node, again making it 
hard to recognise the real watermark. 

3. Finally, an adversary can add levels of indirection, for example by splitting 
nodes into several linked parts. 

10 

These transformations are illustrated in Figure 12. It is important to note here that 
obfuscating linked structures has some potentially serious consequences. For 
example, splitting nodes will increase the dynamic memory requirement of the 
program (each cell carries a certain amount of overhead for type information etc.), 
15 which could mean that a program which ran on, say, a machine with 32M of memory 
would now not run at all. Furthermore, if we assume that an adversary does not 
know in which dynamic structure our watermark is hidden, he is going to have to 
obfuscate every dynamic memory allocation in the entire program. 

20 Next will be discussed techniques for tamperproofing a dynamic watermark against 
the obfuscation attacks outlined above. 

The types of tamperproofing techniques that will be available will depend on the 
nature of the distributed object code. If the code is strongly typed and supports 

25 reflection (as is the case with Java bytecode) we can use these reflection capabilities 
to construct the tamperproofing code. If, on the other hand, the application is shipped 
as stripped, untyped, native code (as is the case with most programs written in C, for 
example) this possibility is not open to us. Instead, we can insert code which 
manipulates the dynamically allocated structures in such a way that obfuscating 

30 them would be unsafe. 

ANSI C's address manipulation facilities and limited reflection capabilities allow for 
some trivial tamperproofing checks: 



35 



include <stdlib.h> 
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include <stddef.h> 
struct s int a; int b;; 
void main () 

if (offsetof (struct s, a) > 
5 offsetof(struct s t b)) die(); 

if (sizeof(struct s) != 8) die(); 

} 

These tests will cause the program to terminate if the fields of the structure are 
10 reordered, or the structure is split or augmented. 

Figure 13 (a) shows how Java's reflection package allows us to perform 

similar tamperprooftng checks. Note that this example code is not completely 

general, 

15 since Java does not specify the relative order of class fields. 

Figure 13 (b) shows how we can also use opaque predicates and variables to 
construct code which appears to (but in fact, does not) perform "unsafe" operations 
on graph nodes. A de-watermarking tool will not be able to statically determine 

20 whether it is safe to apply optimising or obfuscating transformations on the code. In 
the example in Figure 13 (b), V is an opaque string variable whose value is "car", 
although this is difficult for a de-watermarker to work out statically. At 1 it appears as 
if some or all (unknown to the de-watermarker) field is being set to null, although this 
will never happen. The statement 2 is a redundant operation performing n.car = 

25 n.car, although (due to the opaque variable R whose value is always 1) this cannot in 
general be worked out statically. 

For increased obscurity, the code to build the watermark should be scattered over 
the entire application. The only restriction is that when the end of the input sequence 
30 /=/ t ... I k is reached, the watermark W has been constructed. This watermark in a 
preferred embodiment, may be composed of some or all of the components W 1f ... 

that were constructed previously. Additionally, in a preferred embodiment, some 
components W } may be composed of some of all components constructed before W h 
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if (input = /,) W,=...; 
if (input = l 2 ) W z = 

if (input = 4.,) M4. ? = ...; 
if (input = 4) W=...\ 

In order to identify the watermark structure, the recogniser must be able to 
enumerate all dynamically allocated data structures. If this is not directly supported 
by the runtime environment (as, for example, is the case with Java), we have two 
choices. We can either rewrite the runtime system to give us the necessary 
functionality or we can provide our own memory allocator. Notice, though, that this is 
only necessary when we are attempting to recognise the watermark. Under normal 
circumstances the application can run on the standard runtime system. 

A further technique is shown in figure 15. Here is illustrated a technique which 
applies a local transformation, thereby tamperproofing the watermark against an 
attack by node-splitting. Each of the nodes of the original watermark graph is 
expanded into a 4-cycle. If an adversary splits two nodes, the underlying structure 
ensures that these node will fall on a cycle. At (3) the recogniser shrinks the 
biconnected components of the underlying graphs with the result that the graph is 
isomorphic to the original watermark. 

It is envisaged that local transformations, other than expansion of nodes into cycles, 
may be employed to tamperproof the watermark against specific attackes other than 
node-splitting. For example, redundant edges may be introduced into the watermark 
in order to render the watermark tamperproof to specific attacks which involve the 
renaming and reordering of fields in nodes. 

A number of techniques are known in the prior art for hiding copyright notices in the 
object code of a program. It is the inventors' belief that such methods are not 
resilient to attack by obfuscation - an adversary can apply a series of 
transformations that will hide or obscure the watermark to the extent that it can no 
longer be reliably retrieved. 
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The present invention indicates that the most reliable place to hide a watermark is 
within the dynamically allocated data structures of the program, as it is being 
executed with a particular input sequence. 

5 A further application for the watermarking technique described above may be in 
"fingerprinting" software. In this case, each individual program (i.e. every distributed 
copy of the code) is watermarked with a different watermark. Although there is a risk 
of an adversary collusively attacking the watermark, the applicant believes that 
applying obfuscation may render it very difficult for the attacker to interpret the 

10 evidence obtained by a collusive attack. 

Where in the foregoing description reference has been made to elements or integers 
having known equivalents, then such equivalents are included as if they were 
individually set forth. 

15 

Although the invention has been described by way of example and with reference to 
particular embodiments, it is to be understood that modifications and/or 
improvements may be made without departing from the scope or spirit of the 
invention. 
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CLAIMS: 



10 



A method of watermarking a software object whereby a watermark is stored in 
the state of the software object as it is being run with a particular input 
sequence. 

A method as claimed in claim 1 wherein the software object may be a program 
or piece of program. 



3. A method as claimed in any one of claims 1 or 2 wherein the state of the 
15 software object may correspond to the current values held in the stack, heap T 

global variables, registers, program counter and the like. 

4. A method as claimed in any preceding claim wherein the watermark is stored in 
an object's execution state whereby an input sequence / is constructed which, 

20 when fed to an application of which the object is a part, will make the object O 

enter a state which represents the watermark, the representation being 
validated or checked by examining the stack, heap, global variables, registers, 
program counter and the like, of the object O. 

25 5. A method as claimed in any one of claims 1 or 2 wherein the watermark is 
embedded in the execution trace of the object O whereby, as a special input / 
is fed to O, the address/operator trace is monitored and t based on a property 
of the trace, a watermark is extracted. 

30 6, A method as claimed in any one of claims 1 to 4 wherein the watermark is 
embedded in the topology of a dynamically built graph structure. 



35 



7. 



A method as claimed in claim 6 wherein the graph structure {or watermark 
graph) corresponds to a representation of the data structure of the program 
and may be viewed as a set of nodes together with a set of vertices. 
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8. A method as claimed in any preceding claim further comprising building a 
recognizer R concurrently with the input / and watermark W. 

5 9. A method as claimed in claim 8 wherein R is a function adapted to identify and 
extract the watermark graph from all other dynamic structures on the heap or 
stack. 

10. A method as claimed in either claim 8 or 9 wherein the watermark W 
10 incorporates a marker that will allow R to recognize it easily. 

-I 11. A method as claimed in any one of claims 8 to 10 wherein R is retained 
^ separately from the program and whereby R inspects the state of the program. 

Hs 12. A method as claimed in any one of claims 8 to 11 wherein R is dynamically 

0 linked with the program when it is checked for the existence of a watermark. 

□ 13. A method as claimed in any preceding claim wherein the application of which 
5 the object forms a part is obfuscated or incorporates tamper-proofing code. 

% 

1 14. A method as claimed in any one of claims 8 to 12 wherein R checks M/for a 

signature property s(W). 

15. A method as claimed in claim 14 wherein the signature property s(W) is 
25 evaluated by testing for a specific result from a hard computational problem. 

16. A method as claimed in either claim 14 or claim 15 including the creation of a 
number n which may be embedded in the topology of W, whereby the 
signature property may be evaluated by testing one or more numeric properties 

30 ofn. 

17. A method as claimed in claim 16 wherein the signature property is evaluated 
by testing whether n is the product of two primes. 
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1 8. A method of verifying the integrity or origin of a program including: 

watermarking the program with a watermark W, wherein the watermark W is 
stored in the state of a program as the program is being run with a particular 
input sequence /; 

building a recognizer R concurrently with the input / and watermark W wherein 
the recognizer is adapted to extract the watermark graph from other 
dynamically allocated data wherein R is kept separately from the program; 
wherein R is adapted to check for a number n. 

9. A method of verifying the integrity of origin of a program as claimed in claim 18, 
wherein n is the product of two primes and wherein n is embedded in the 
topology of W. 



A method as claimed in either claim 18 or 19 wherein the number n is derived 
from any combination of numbers depending on the context and application. 

L A method as claimed in any one of claims 18 to 20 wherein the program or 
code is further adapted to be resistant to tampering, preferably by means of 
obfuscation or by adding tamper-proofing code. 

L A method as claimed in any one of claims 18 to 21 wherein the recognizer R 
checks for the effect of the watermarking code on the execution state of the 
application thereby preserving the ability to recognize the watermark in cases 
where semantics-preserving transformations have been applied to the 
application. 

. A method of watermarking software including the steps of: 
embedding a watermark in a static string; and 

applying an obfuscation technique whereby this static string is converted into 
executable code. 



A method of watermarking software wherein the watermark Wis chosen from a 
class of graphs G wherein each member of G has one or more properties, 
such as planarity, said property being capable of being tested by integrity- 
testing software. 
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25. A method of watermarking software as claimed in claim 24 wherein the 
watermark is rendered tamperproof to certain transformations by subjecting the 
watermark graph to one or more local transformations. 

5 

26. A method of watermarking software as claimed in claim 25 wherein each node 
of the watermark graph is expanded into a cycle. 

27. A method of fingerprinting software wherein a plurality of watermarked 
10 programs obtained as claimed in any preceding claim are produced. 

28. A method of fingerprinting software as claimed in claim 27 wherein the 
watermarked programs each of which has a number n with a common prime 
factor p. 

15 

29. A method substantially as herein described with reference to the drawings. 

30. Software written to perform the method as claimed in any preceding claim. 

20 31, A computer programmed to perform the method as claimed in any one of 
claims 1 to 27. 
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FIGURE 1 



fcSd 1Lr£? T ce ^ L « , «7? s O. At © Bob adds a«r mtewuto W «d W ta m£ 

object, a^S^t^S^^ a^Srrf^ W ^ 
O At <§i B«K t^JT^ CDn «"««7^ Seta a distorted TOtenaark. At ® Alice adds tannasproofia? T to 
Bob^ ^°b tries to remove W fcaxn. O, but, due to tite tamperpsoafxag, O will berrradeednseleM to 
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CQHST C 



'Copyright <C)., 





cfcar T; 
ssitck e 


{ 










case 1 


* 










case 5 




V 








case' 6 








>pj 




case 8 




¥ 








case 9 






at 






} 








«/ 



String Vj 

if Input — X { 

VC23=» , 0 J ; YKH'Y J 



posh 'C 

• • • * 

pus2i *0 J 

push *pj 
» « * » 

posit *T* 
posh 



if Input ~ X 
DisplayCTeaaffic) 




FIGURE 2 



Figure 2: ia © Alice embeds a TOteaaark in tite 

watemark is embedded in the text (code) section of the program, la © the watermark gets embedded ma 
global variable Vwben the program is xaa with input Z. 3n 6$ wru^T^yV ,> ^^^^ ' m t h ff rTfy > TTtimi 
trace wizen the program is rim wifeli input X. & ® the watermark is ^W/?p<? in tfe» ^^^h^ ^K^nr 
(an "Easter Egg 0 ) of the program wixea it ia nni witk input X. 
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String G (isrc n) { 
iaxt i=0 ,3c; 
String S; 
idiile (i) { 

LI: if Ca—i) {SCi^^A^jJc^Ojgo-feo L6} ; 

L2: if Cn=2) {S Ex++] ="2" ;3c=*-2 ; goto LS}; 

L3: if Cnr«3) {SEi+*3~*C w ;goto LS}; 

L4: if Cn=— 4) {S [i+^^^jgcto LB}; 

LS: if Ca=5) {Stx^>*C«;goto Lli}; 
if Cn>12) goto Li; 

L6: if Gc+-HC=2) {S [i++3~*2.* ;gota LS} else goto L8; 

LSr xstiECZL S ; . 

L9; S[i-Ha~ w C w ; gate LiO; 

L10: SCi-KI^H" ; goto LS; 

Lii: S[i-^3= W C W ^ goto L±2; 

L12: goto L10; 

} 

} 

FIGURE 5 

Figure 3: A function producing the the strings "AAA", "BAAAA*, "XCB^j and "CCS". 




FIGURE 4 



Fignre 4: fixsertsag bogss predicates in a program. Ik © an opaque predicate b > 5 r is inserted. Tiis 
predicate is always true. 3a © an apaqae predicate rand(0, 9) < 5 7 is inserted. This predicate is ranetaiaes 
tnie (in "widca case B is executed), and sotth^ttw false (in widen case an obfuscated ^ersicn of 3 is 
esecsted). In © an opaque trae predicate is inserted* This predicate appears to sometimes ~w»*rta> an 
obfuscated boggy Terskm of JB, but, m feet, never does. 
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<i) bod A,B,C; 
(2) B - False; 
<3) C - False; 
C4) C = A A B; 
C5) C — A ft B; 
C6) if CAD - 
C7) if CB) • 



A 



A5DCA.B3 j{ 0 1 2 3 



B 



0 I 3 
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0 


0 


1 9 3 
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2 1 0 


2 
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3 I 3 
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7T 



(10 short al,a2,bl,T>2,cl,c2j 
C2 J ) bi-Oj b2=0; 
C3») cl=i; c2=l; 

C4») x=ABD C2*al+a2 , 2*bl+b2j ; cZ*x/2; c2=zj2; 
CS J ) cl-<al " a2) & Cfel ~ b2> ; e2=C; 
<6») x=2»al+a2; if |J Cx=-2J) 

C7 J ) if Cbi ~ b2) 



FIGURE 5 



Figure 5: Variable spiriting fraTmfo We show one possible rfwfre of representation far split boolean 
variables. The tabie indicates that boolean -variable V has been split into two short integer" variables ? 
and 9 . gp^ g^O arp^g^ltbeqyis False, otherwise, V is True. Given this new representation, 
•are devse substitutions for the bmk-in boolean operations. In the example, -we provide a ma-time lockup 
table for each operator. Given two boolean variables V x = jp.g] and F 3 = [r.jj, ^iV? is computed as 



Z(X + r,Y) «* 2=-T + (r+X) = zCx,Y)+-> 

ZCX,Y + r) « ^-(y + ^+X . zCX,Y)+r.2 33 

ZCl.r.Y) = 2°.Y+X. r » Z(X,Y) + {r-l)-X 

Z(X,Y.r) «. J^-Y-r+X = Z(X,Y) + (r- 1) -2» -Y 

ClO loaf Z"167T5S0861iS5E104£ ; 

C20 Z +- 6; 
C3') Z 47244640256; 
<4*> Z +- (c-l)*(Z ft 4294967295) ; 
<5>) Z += <d-l)*(Z ft 18446744069414584320); 

FIGURE 6 



Cl> iat X=45; 

in* Y=95; 
(23 X +- 5 j 
C3) Y +» 11; ^ 
C4) X «- c; 
C5) Y *=» d; 



Figure ft Merging two 32-bit -variables X and T into one 64-bit -variable Z. T occupies the too 32 bits of Z, 
X the bottom 32 bits. If the actaal range of either X or Y can be deduced from the program, less iutuiUve 
merges could be used. First -we giro rales for arirBtinn »™W ^irlVr 1 *'^'*^" with. X »^ Y, ^Vr* show some 
simple examples. 
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iat StsaCin* AO) { 

inrfc i,j sui&rK); 
iaft »?=A-length; 
for <x*0;x<a;i++> 

w» AEi] ; 
r e - Lor-u . son; 

} 



aztt SumCiat AD) { 

out sum^K), i=*0 5 pc*0; 
iafc sD=uw iaxtCSl, sp~- i; 
loop: yh-He (-true) 

SHitchC w fcga23ced w .charAtCpc)) { 

sBsii 6 Cap — 3 ; pc++; brsak; 
i++; pc-H-; break; 
st++sp3 = 1; pe++; break; 
if CsCsp— 3 > sEsrp — 2) pc — « 6; 
else break loop; break; 
sC++sp] = A. length; pc++; break; 
pc 5; break; 
s£sp3 - A[>Dsp33; p<M-+; break; 



case *a*: 
case *V: 
case : 
case a d»: 



case *e*: 
case 

case 3 g J z 



} 

xtafeuxo. Bum; 



FIGURE 7 



Kgnre 7: The Java method Son aa the left is obfuscated w i* *». , „ , 

This code is thea executed by a atads-bJed i^ZZl - , !™ S * "J? **• byteCode fc ^ bced " • 
cade. Tiu teduuqne * nmniar to Proeiatin^s 3uperop«aiars (20] 
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FICTRE 8 



^ ? "^T^ ^ 9thne » "d <?, and compotes their product «. At © *be embeds 
» m ^opofegy * a ffaph. Th* graph is fc« watenaa^ W. At ® W is comerted to a whick 
bwto ttagraph. At @ the program is embedded into tie original program O, snch that when O, is 
"'w^ ^» o oir3i>.A]so t a recognizer program 7t is constructed, wisch. is acle to idestzrjr' 

Won the heap, and extract n from it. At © tamp^rproofmg is added, to prevent the graph W being 

-wumj-onewna can lacttjr 7*s « can prove the legal origin of Alice's 
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4 . 6 i + 1-6° =4453=61*73 



Figure <fc Embedding- a watermark into a graph structure. The aU ' uelurc is essentially a Hnked list* The 
rightmost pointer of each node is the next field, white the sec ond field encodes a digit, in this prampie, 
0==n»ll (/), I=a setf-pointer, 2=a one-step back pointer, 3^=a one step forward pointer, 4=a two step back 
pointer, and 5=a 2 step fewaxd pointer. This allows vcs to encode a TOlne 51 * 73 = 4453 w as the base-6 
Tahze 32341«« 




figure 10: The twenty-second tree ia an emxmerar 
tion of the oriented trees with seven Ter tices . 
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Figure 11: A 5-cIique is used to mark the beginning of an encoded toIub- 
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class T -[ class T { 

* carj =9* in* F2; 
- T e&ri T J3; 




13: 5& 



class T { 
ixcfc a; 
T car; 
T cdr; 

> 

2i =■ new T; 



class T { 
xat a; 
Tl bogus; 

class Tl { 
. T caar; 
X cdr; 

} 

a m ne» T; 



So 




FIGURE 12 



^^^^-^L^^^^^j^^^^r^ j^??"^? ^•^*" E ' S * ® Tsogns painter fields to all nodes of type T. Jxi 

© we rename and reorder fields. In. © -we odd % level a£ indirection by splitting all aodes^ 



in tno. 
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class C {public ixrfc a; public C car, car;} 

public ststic void ma in (String □ args) { 
Field □ F « C,clas3.gB-fcFaeldsO J 
if CF.lengtb !=s 3} 

di*0; 
ix CFI01 .getXjptaO- 

java.laug . Integer ^TtFE) 

if CFpa.gstTjpeQ I- class) 
dieO; 

i£ CFE23 .gsrfcTypeO I- C. class) 
diaO; 



class C {public dxct a; public C car, cdx;} 

public static void maiaCStrxzigQ args) 

throws JoSuciFieldErcaptioa, 

IllagalAccsssExeepticu { 
Field f ; 
String Y; 
C a « iiaw CQ ; • 
Class c * a^gatClassO; 
if CP**) { 

£ c,gatFialdCV = ^ carit ) ; 

© f.setCa, mill) 3 

} 

Field F - c-getFieldsQ ; 
iarfc E; 

© FEBr 1 ]] .sat Go., car); 

} 

(H 



FIGTO5 13 

Figure 13: Examples cftamperprocfiiig Java code using the reflection interface, 



SUBSTITUE SHEET (Rule 26) 



09/719399 

PCT/NZ99/00081 

10/11 




l<3 t 



SUBSTITUE SHEET (Rule 26) 



09/719399 



11/11 



PCT/NZ99/00081 




4% s 
|® ^ 

a s * 

&<S * 
?=" 

•a "** « 
° & 

o 
e 

|J§f 

eis § 

< S£ 

iff a 

« 5 g 

S §5 
P S 

till 



fell 



10 

0 

E 



SUBSTITUE SHEET (Rule 26) 



\ttomey Docket: 1968NP/CC503326-003 

Page 1 of 2 



DECLARATION AND POWER OF ATTORNEY FOR UTILITY PATENT APPLICATION 
As a below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below, next to my name, 

I believe that I am the original, first and sole inventor (if only one name is listed below) or an original first and joint 
inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is souqht on 
the invention entitled ' a 

SOFTWARE WATERMARKING TECHNIQUES 

the specification of which 

is attached hereto. 

A was assigned Ser. No. 09/719.399 and International Filing date June 10. 1999 . 

I hereby state that I have reviewed and understand the contents of the above-identified specification includinq the 
claims, as amended by any amendment referred to above. I do not know and do not believe that the same was ever 
known or used in the United States of America before my invention thereof, or patented or described in any printed 
plication in any country before my invention thereof or more than one year prior to this application that the same 
W not in public use or on sale in the United States of America more than one year prior to this application and said 
indention has not been patented or made the subject of an inventor's certificate issued before the date of this 
application in any country foreign to the United States of America on an application filed by me or my legal 
representatives or assigns more than twelve months prior to this application. 

IS 9 ! *! e d f u ^ to di f c ' ose information which is material to the examination of this application in accordance 
w^h Title 37, Code of Federal Regulations, Section 1 .56 (a). 

reby claim foreign priority benefits under Title 35, United States Code, Section 1 19, of any foreign application(s) 
patent or inventor's certificate listed below and have also identified below any foreign application for patent or 
igentor s certificate having a filing date before that of the application on which priority is claimed: 

fflor Foreign Application^ Priority Claimed 

PbT/NZ99/00081 PCT 10 June 1999 (10.06.99) X 

(Number) (Country) (Day/Month/Year Filed) Yes No 

330675 NZ 10 June 1998 (10.06.98) x 

(Number) (Country) (Day/Month/Year Filed) Yes No 

I hereby claim the benefit under Title 35, United States Code, Section 120 of any United States application(s) listed 
below and insofar as the subject matter of each of the claims of this application is not disclosed in the prior United 
States application in the manner provided by the first paragraph of Title 35, United States Code Section 112 I 
acknowledge the duty to disclose material information as defined in Title 37, Code of Federal Regulations, Section 
1 .56(a) which occurred between the filing date of the prior application and the national or PCT international filing date 
or tnis application: * 



(Application Serial No.) (Filing Date) (Status - patented, pending, abandoned) 



(Application Serial No.) 



(Filing Date) 



(Status patented, pending, abandoned) 



24. JAN. 2001 14:36 



] S « AUCKLAND 



HO. 5937 P. 3 



AtiorBSy Docket: 1968NP/CC503326-0Q3 
Page 2 of 2 



I hereby appoint Joseph A. Sawyer, Jr., Reg. No. 30,801 ; Stephen G. Sullivan, Reg. No. 38.329 ; Janyce 
tR Bpghell, Reg^ilM;^ Mlchele Liu, Reg. No. : 44,875 : of SAWYER LAW GROUP LLP, located at 
2485 E. Bayshore Rd., Suite 406, Palo Alto, California 94303, telephone (660) 493-4540, as my attorneys 
with full power of substitution and revocation, to prosecute this application and to transact all business in the 
Patent and Trademark Office connected therewith. 

Address all telephone calls to Mr Joseph A. Sawyer, Jr at telephone number (660) 493-4540 and all 
correspondence to: 

Joseph A. Sawyer, Jr. 
Sfi5^ERAASSBCJAI£S 

Palo Alto, California 94303 

I hereby declare that all statements made herein of my own knowledge are true and that all statements 
made on information and belief are believed to be true; and further that these statements were made with the 
knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, 
under Section 1 001 of Title 1 8 of the United States Code and that such willful false statements may jeopardize 
the validity of the application or any patent issued thereon. 



Full Name of flrat/jolnt Inventor: 
Residence Address; 

Post Office Address: 



Christian Sven Collberg 

781 8 E. Pristine PI, 

Tucson, A rizona 85750 H/L 

SAME 



Country of Citizenship: 

w 2^1, 2(ro \ 



Date 



Sweden 




Signature 



Full Name of second/joint Inventor: Clark David Th omborson 

Residence Address: 3/61 Fancourt Street 

Meadowbanks 
Auckland ^ 
New Zealand A/ 2^ 

Post Office Address: SAME 



Country of Citizenship: 



United States of America 



Date ^Signature 




